#set( $symbol_pound = '#' )
#set( $symbol_dollar = '$' )
#set( $symbol_escape = '\' )
package ${package}.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.stereotype.Component;
import uyun.whale.security.auth.authorization.ConfigAuthorizationManager;

/**
 * @author: yangfei
 * @desc: 自定义安全设置
 * <p>
 * 1  registry.antMatchers("/frontapi/user/update").access("@securityChecker.hasPermission(authentication, request)");
 * 2  下面示例设置该接口访问权限，需要在对应controller 增加
 * @GetMapping("/frontapi/user/update")
 * @Secured({"update", "delete"})
 * public String updateUser(String name) {
 * return name;
 * }
 * 3 在设置该用户code，接口对应对权限。
 * @date: created in 2019/4/15 11:09
 * @modifed by:
 */
@Component
public class DefaultAuthorizationManager implements ConfigAuthorizationManager {

    @Override
    public void config(HttpSecurity http) throws Exception {
        http.csrf().disable()
                // 基于token，所以不需要session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests();
        // 禁用缓存
        http.headers().cacheControl();
        http.headers().frameOptions().sameOrigin();

        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.authorizeRequests();
        registry.antMatchers("/${artifactId}/frontapi/v1/todos/update").access("@securityChecker.hasPermission(authentication, request)");

        registry.antMatchers(
                "/${artifactId}/frontapi/v1/todos/search",
                "/${artifactId}/frontapi/v1/todos/create",
                "/${artifactId}/frontapi/v1/todos/query",
                
                "/${artifactId}/openapi/**").authenticated();
        registry.anyRequest().authenticated();
    }

    @Override
    public void config(WebSecurity web) {
        web.ignoring().antMatchers(
                "/",
                "/static/**",
                "/tenant/**",
                "/frontend/**",
                "/actuator/**",
                "/h2/**",
                "/actuator/health",
                "/favicon.ico");
    }
}
